Re: Cloudwatch metrics averages/max etc grouped by...

pileofdata · ‎07-05-2023

Greetings,

Splunk user but newbie still.

I am building some searches to show AWS cloudwatch data averages per account.

An example would be "Average CPUUtilization in account X during the past 30 days"

I'm currently getting data per EC2 instance with the following search:

index="aws" sourcetype="aws:cloudwatch" metric_dimensions="InstanceId=*" metric_name = CPUUtilization | table account_id metric_dimensions metric_name period Average

But of course, this shows only average per instance; I want to roll that data up to the account level and get the average for all instances within an account.

I suspect "stats" is what I need to use, but a nudge in the right direction would greatly help.

yuanliu · ‎07-05-2023

Do you mean

index="aws" sourcetype="aws:cloudwatch" metric_dimensions="InstanceId=*" metric_name = CPUUtilization
| stats sum(eval(period*Average)) as totalAverage sum(period) as totalPeriod by account_id
| eval totalAverage = totalAverage/totalPeriod

Cloudwatch metrics averages/max etc grouped by account?

fields

stats

table

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Are you a member of the Splunk Community?